IEG on Cybercrime - Australian Comments ahead of the stocktaking meeting - Vienna, April 2021
Page content transcription
If your browser does not render page correctly, please read the page content below
IEG on Cybercrime – Australian Comments ahead of the stocktaking meeting – Vienna, April 2021 Australia thanks the open-ended intergovernmental expert group to conduct a comprehensive study of the problem of cybercrime (the IEG) for its work in compiling the list of State recommendations submitted to the IEG over its preceding three meetings in 2018, 2019 and 2020. Australia takes this opportunity to provide specific comments on selected recommendations (Part 1). We also provide detailed comments on the broader issue of maintaining a Vienna-based forum for technical exchange and capacity building (Part 2). Part 1: Comments on IEG recommendations General comments 1. Australia acknowledges and accepts the passage of UNGA Resolution 74/247. During the discussion of 74/247, Australia, along with many other Member states, reiterated its view that a new UN convention on cybercrime was not required for States to make progress combatting cybercrime and its impacts on society. Despite these arguments, the mandate of the Ad Hoc Committee established by Resolution 74/247 passed by a recorded vote. Following the will of the General Assembly, Australia will respect the work and mandate of the Ad Hoc Committee, but it is important that the IEG’s report does not now imply consensus on this issue where none exists. The views of the many member States which identified the effectiveness of utilising existing instruments, including the United Nations Convention against Transnational and Organised Crime and the Council of Europe Budapest Convention on Cybercrime (the Budapest Convention), remain valid and the passage of 74/247 does not change that. 2. The nature of cybercrime and State responses continue to evolve rapidly and have done so across the duration of the IEG’s mandate. It will be important that the report reflect that the recommendations and conclusions collated for the study provide a snapshot in time against a background which is continually changing and raising new and difficult issues. Accordingly, the IEG’s recommendations and conclusions may not necessarily reflect efforts to modernise existing international instruments, such as the draft Second Additional Protocol to the Budapest Convention. 3. Australia notes the impact of the COVID-19 pandemic on the 2020 meetings of the IEG and its outcomes (International Cooperation and Prevention) which prevented discussion of recommendations by States (in contrast with previous meetings) and instead resulted in a simple list of every recommendation put forward by a Member States. On this basis, Australia has provided more detailed comments on conclusions and recommendations submitted at those sessions. Duplication of issues dealt with under other UN initiatives on Cyberspace and International Peace and Security 4. Australia is concerned that several recommendations fall outside the scope of cybercrime and the criminal misuse of ICTs. Issues related to information and communications technologies in the context of international peace and security – including the behaviour of States, the application of existing international law and agreed norms, the protection of critical infrastructure from malicious cyber activity, and malicious cyber activity conducted by States or their proxies and possible
responses thereto – are duplicative of the discussions among all 193 UN Member States in the UN First Committee Open Ended Working Group, which concluded its report on 12 May; the new 5-year Open Ended Working Group, which will begin its work in June, as well as the Groups of Governmental Experts on Cyber. Australia therefore objects to the inclusion of the following recommendations on the basis that they relate to matters of international peace and stability and fall outside the mandate of the IEG and the Third Committee recommendations 8(f), (h), (m), (ee)(iii) under International Cooperation and recommendations 9(g), (u), (kk), (ll), (nn), (pp) under Prevention. Legislation and frameworks 5. The critical importance of ensuring legislation and frameworks are contemporary, technology neutral and appropriately criminalise the underlying conduct must be underscored – these elements form the basis of a State’s national response to cybercrime and are essential precursors for international cooperation. As is the case with all criminal laws and legislative frameworks, careful consideration must be given to ensuring a balanced approach to law enforcement, human rights and privacy issues, ensuring compliance with member States’ human rights obligations. Close consultation with civil society, industry and relevant stakeholder is critical in general, but particularly so in this regard. Public-private partnerships will continue to be essential to detecting, preventing and obtaining electronic evidence to investigate and prosecute cybercrime. Given the transnational nature of cybercrime and the need to eliminate safe havens for criminals, extraterritorial jurisdiction should be applied to cybercrimes, in accordance with international law. 6. Conclusions should underscore the importance of a ‘system wide’ approach to criminal justice. Legislation and frameworks for cybercrime must provide for, and be accompanied by, appropriate powers, procedures, capabilities and capacity across the entire justice system, including law enforcement, central authorities, prosecutorial authorities, and the judiciary. 7. Member states should take advantage of existing international frameworks which provide for effective international cooperation cybercrime including the Council of Europe Convention on Cybercrime (Budapest Convention) and the United Nations Convention Against Transnational and Organised Crime. 8. Commentary on Australia’s support for continuation of technical and expert exchange, including through the IEG, is addressed in Part 2, below. In line with these general comments, Australia strongly supports the intent of the following recommendations and conclusions: 4(a),(d),(e), (g), (i), (j), (t), (u). In line with our comments on human rights, privacy, and good governance Australian also supports the intent of recommendation 5(n), currently listed under Criminalization In line with our comments on contemporary legislative frameworks which are technology neutral, Australia also supports the intent of recommendation 6 (j) currently listed under Law Enforcement and Investigations In line with our comments on the benefits of utilising existing international frameworks to cooperate on cybercrime Australia also supports the intent of recommendations 6 (b), (c), and (d) currently listed under the Law Enforcement and Investigations
Criminalization 9. Criminalisation of conduct constituting cybercrime is fundamental to national and international efforts to combat cybercrime. This should include key offences relating to the confidentiality, integrity and availability of computer networks and computer data and should take into account widely recognized international standards. In order to be effective, law enforcement must be appropriately empowered and equipped to undertake cybercrime investigations. An often overlooked, but critical aspect of an effective criminal justice response to cybercrime is the maintenance of appropriate arrangements for obtaining, management and handling, judicial consideration and international cooperation on electronic forms of evidence. In line with these comments, Australia strongly supports the intent of the following recommendations and conclusions: 5(b), (d), (j), (l). Law Enforcement and Investigations 10. The rapid pace and cross-border nature of cybercrime pose challenges for traditional regulatory and law enforcement approaches. The capacity and capabilities of our agencies, particularly law enforcement agencies, need to keep pace with evolving technologies if police are to perform their duties in the digital environment. At the most basic level, all police officers need to know how to gather and analyse digital evidence, leaving specialist units to focus on more complex cybercrimes. Specialist units within law enforcement agencies must have the training and capabilities to detect and investigate the more complex and sophisticated use of technology in criminal activities. In line with these comments, Australia strongly supports the intent of the following recommendations and conclusions: 6(h), (I), (k), (n). In line with our comments on capacity, capability and specialisation of criminal justice agencies to effectively combat cybercrime, Australia also supports the intent of recommendations 8(ccc), (ddd). Electronic Evidence and Criminal Justice 11. The use of online and cloud computing services has become integral to communication in daily life. From a criminal justice perspective, this makes them key sources of evidence for prosecuting both traditional and online crime. However, the successful prosecution of individuals who commit crimes involving electronic evidence relies on: appropriately skilled and resourced law enforcement agencies and forensic practitioners who are able to collect, analyse and present the evidence; a legislative framework that facilitates the collection, presentation and adjudication of evidence in the modern era, noting that relevant electronic evidence may be stored beyond the jurisdiction of the investigating law enforcement agency, and the nation’s borders generally; and appropriately trained prosecutorial, judicial and central authorities that can work efficiently and effectively with electronic evidence.
12. Australia recognises the importance of capacity building, collaboration and international cooperation, and exchange on trends and best practices for combatting cybercrime. Our views on the best forum to address this ongoing need are outlined in Part 2 of this paper. In line with these comments, Australia strongly supports the intent of the following recommendations and conclusions: 7(b), (c), (d), (f), (g), (o)(i-vi), o(viii), o(xii-xv), (r), (v). International cooperation 13. Australia agrees with recommendations and conclusions advocating that Member States be encouraged to use international treaties and arrangements already in existence, such as the Budapest Convention. The Budapest Convention provides a foundational substantive and procedural legal framework that enhances the ability to combat cybercrime and the collection of electronic evidence more broadly. 14. Member States should also be informed of efforts to modernise existing international treaties, such as the Budapest Convention. Currently, the Budapest Convention Cybercrime Committee (T-CY) are negotiating the Second Additional Protocol on enhanced cooperation and disclosure of electronic evidence. This will significantly improve the ability for Parties to both directly and indirectly obtain electronic evidence to combat all manner of crime types (including cybercrime) and facilitate more effective international cooperation (such as joint investigations). Terminology and definitions 15. Efforts to define ‘cybercrime’ should focus on technology-neutral language to ensure that the recommendations and conclusions are relevant and accessible to all jurisdictions despite the constant evolution of technologies. 16. Australian notes recommendation (8(a) International Cooperation) refers to ‘child pornography.’ Member States should be encouraged to replace references to ‘child pornography’ as with more appropriate alternative terms, such as ‘child sexual abuse material.’ Similarly, the Member States should be encouraged to use alternative terminology such as ‘non-consensual sharing of intimate images’ in place of references to ‘revenge porn’, as included in recommendation 5(i)(ii). Capacity building and technical assistance 17. Recommendations and conclusions should foster international cooperation, confidence building and trust between countries to ensure that criminal justice practitioners have effective and efficient ways to detect, prevent, investigate and prosecute cybercrime. 18. Capacity building and technical assistance are an important feature of international cooperation and building global resilience – the response to cybercrime is only as strong as our collective efforts. The need for appropriate capacity building programs, particularly for developing countries and small island states, is a key theme of conclusions and recommendations across the IEG’s thematic meetings. Australia strongly supports the UNODC’s role in the provision of capacity building and expertise on cybercrime, including through its Global Programme on Cybercrime. Capacity building programs should adopt a system-wide approach and include support for the development of relevant cybercrime legislation and frameworks.
19. International efforts should focus on the provision of capacity building and technical assistance to strengthen the ability of law enforcement authorities to combat cybercrime, especially child sexual abuse online. 20. Commentary on Australia’s support for continuation of technical and expert exchange, including through the IEG, is included in Part 2, below. Investment in international crime cooperation 21. Member States should be encouraged to invest in central authorities to ensure effective international crime cooperation, including by ensuring there is sufficient expertise to respond to emergency requests and securing the preservation of data to reduce the risks associated with data loss/volatility. Central authorities should also be supported through mechanisms such as 24/7 networks in law enforcement or specific contact points in central authorities, to ensure mutual legal assistance can be provided to the widest extent possible. Domestic procedural frameworks and international cooperation 22. Government access to data for law enforcement purposes should be supported by frameworks that ensure the preservation of electronic evidence – such as the preservation procedural measures of the Budapest Convention. Collective consideration should also be given to ensure law enforcement and national security agencies lawful access to end-to-end encrypted data is maintained on messaging platforms, to support the prevention, detection, investigation and prosecution of criminal offences. 23. There are many challenges with the current status quo in terms of international cooperation. Member States should be encouraged to consider how international cooperation can be improved and made more effective. 24. Member States should be encouraged to strengthen their own law enforcement capabilities to combat cybercrime, including through establishing specialised expertise within law enforcement and prosecutorial authorities to investigate and prosecute cybercrime. Public and private partnerships 25. Member States should be encouraged to support the position that criminality on the internet is not only the responsibility of governments, but also shared with industry. This includes the need for industry to develop policy, codes and practices in responding to the criminal use of their networks and services. Broader education efforts will be necessary to give effect to this position. 26. Public-private partnerships are critical to detecting, preventing and obtaining electronic evidence to investigate and prosecute cybercrime. This includes public-private partnerships that ensure lawful access is maintained to end-to-end encrypted data on messaging platforms. 27. Member States should be encouraged to engage with domestic and international service providers that provide services to their jurisdiction, to ensure there is open dialogue around how Member State authorities can obtain electronic evidence (including through international cooperation mechanisms such as mutual legal assistance).
In line with the above comments, Australia strongly supports the intent of the following recommendations and conclusions: 8 (a), (c), (e), (p), (r), (s), (t), (u), (w), (z), (bb), (hh), (jj), (ll), (pp), (rr), (uu), (aaa), (ggg). In line with our comments on capacity building, Australia also supports the intent of recommendation 4(n) under Legislation and Frameworks, 6(e), (f), and (t) under Law Enforcement and Investigations. In line with our general comments, above, Australia could not support the following recommendations: 8 (f), (h), (m), (ee)(iii). Prevention 28. Australia agrees that prevention is not only the responsibility of governments but requires the participation of all relevant stakeholders, including industry and the public. 29. Australia supports the recommendations and conclusions regarding the development of initiatives to better equip the public to protect themselves against cybercrime, including accessible prevention tools and public awareness campaigns for the safe and legal use of the internet. 30. Australia supports recommendations to move to a more proactive prevention posture, including greater and more routine information sharing between Member States on criminal modi operandi. 31. Australia supports the development of strategies and measures to ensure prevention keeps pace with advances in technology, such as the criminal use of anonymising tools. For example, Australia supports efforts to prevent terrorist and violent extremist use of the internet through working with governments, industry and civil society. 32. Australia supports greater sharing of international best practice on effective and successful prevention of cybercrime (such as through the IEG). In line with the above comments, Australia strongly supports the intent of the following recommendations and conclusions: 9(a), (b), (v), (w), (y), (z), (aa), (gg). In line with our comments on public awareness and prevention tools, Australia supports recommendation 5(q) under Criminalization. In line with our general comments, above, Australia could not support the following recommendations: 9 (g), (u), (kk), (ll), (nn), (pp).
Part 2: The need for an ongoing forum for technical exchange 25. The original mandate of the Intergovernmental Expert Group on Cybercrime (IEG), established in UNGA Resolution 65/230, set out a two-pronged mandate for the IEG’s work: Requests the Commission on Crime Prevention and Criminal Justice to establish, in line with paragraph 42 of the Salvador Declaration, an open-ended intergovernmental expert group, to be convened prior to the twentieth session of the Commission, to conduct a comprehensive study of the problem of cybercrime and responses to it by Member States, the international community and the private sector, including the exchange of information on national legislation, best practices, technical assistance and international cooperation, with a view to examining options to strengthen existing and to propose new national and international legal or other responses to cybercrime.1 26. That mandate specified the IEG’s primary objective as the completion of a comprehensive study of the problem of cybercrime and responses to it by Member States. As part of that mandate, it also included a request that the IEG facilitate ‘the exchange of information on national legislation, best practices, technical assistance and international cooperation’, with a view to improving the international response to cybercrime. 27. That technical exchange element has been one of the most important and enduring benefits of the IEG’s work. The IEG forum has enabled states to canvass a range of technical and practical issues related to combatting cybercrime, encouraged meaningful exchange at a practitioner-level, and ensured States continue to benefit from the high degree of expertise and experience gathered in Vienna, as well as the resources of the UNODC and its Global Program on Cybercrime. 28. To enhance Member States’ ongoing ability to share information, continue practitioner-level technical engagement and foster technical assistance and capacity building, this element of the IEG’s work must endure, whether under the auspices of the IEG or in a different format. Longstanding consensus on the need for ongoing technical exchange 29. Despite their divergent views on the value of new international instruments, States have long agreed on the value of the IEG’s technical exchange function as a distinct component of its broader mandate. As early as the first meeting of the IEG in 2011, a number of States: ‘highlighted the importance of technical assistance and information-sharing, both under the auspices of a comprehensive international legal instrument and on the basis of more immediate needs and means of delivery. It was noted that the same issue was identified as a separate and specific priority by the Salvador Declaration’.2 30. At the second meeting of the IEG in 2013, experts again: ‘highlighted the importance of effective ongoing communications between States in order to share and address concerns about specific cases and increase understanding of what barriers existed and how they could be addressed’.3 31. The CCPCJ reaffirmed this broad agreement on the value of technical exchange and capacity- building in its resolution 22/7, when it underlined ‘the need for enhanced coordination and cooperation among States in combating cybercrime’4. The CCPCJ also confirmed in its resolution 1 A/RES/65/230, OP9. 2 Paragraph 31, UNODC/CCPCJ/EG.4/2017/2. 3 Paragraph 37 CCPCJ/EG.4/2017/3. 4 E/2013/30, p62.
22/8 the ‘broad support for capacity-building and technical assistance and for the role of the UNDOC in that regard’.5 32. In response to a recommendation of the Doha Declaration, CCPCJ resolution 26/4 extended the mandate of the IEG and gave it the framework for its current work plan. In so doing, the CCPCJ specifically highlighted the separate importance of the IEG’s work in facilitating technical exchange [emphasis added]: Requests [the IEG] to continue its work … and also requests the Expert Group to continue to exchange information on national legislation, best practices, technical assistance and international cooperation, with a view to examining options to strengthen existing responses and propose new national and international legal or other responses to cybercrime.6 33. In subsequent meetings of the IEG, States have repeatedly stressed the need for an ongoing facility for technical exchange, with at least eight separate recommendations highlighting the need for ongoing technical exchange and capacity building among States.7 34. Australia considers the IEG remains a critical forum for experts and practitioners to exchange information on their experiences and ongoing efforts to combat the ever-increasing threat of cybercrime, and that such exchange should continue beyond 2021. Options for ongoing technical exchange 35. Given the longstanding and widely-held support among States for an ongoing forum for expert and technical exchange, it is important to consider the most effective way to meet this need. 36. In Australia’s view, the IEG, as an established body with an existing UNGA mandate, is the forum best equipped to continue to facilitate international technical exchange. Once the comprehensive study on cybercrime is complete at the end of 2021, States could easily adapt the IEG’s mandate to focus solely on technical exchange, capacity building, and the identification and analysis of trends in cybercrime. 37. Alternatively, States may prefer to establish a new platform for discussions rather than adapt an existing one. If so, such a platform could be established as a separate mechanism, process or forum. As with the IEG, any new forum should be established in Vienna, under the auspices of the CCPCJ, to ensure States can continue to benefit from the expertise, experience and resources available in Vienna and in the UNODC. Such an arrangement would ensure States continue to have meaningful opportunities for technical exchange and capacity building. 38. It should be stressed that the Ad Hoc Committee (AHC) established by UNGA resolution 74/247 is not a suitable forum to facilitate the kind of technical and expert-led exchange that currently occurs under the auspices of the IEG, having neither the mandate nor the resources required. Rather, the AHC’s mandate is limited by the narrow terms of 74/247, to the elaboration of ‘a comprehensive international convention on countering the use of information and communications technologies for criminal purposes’.8 5 Ibid, p65 (OP1). 6 E/2017/30, p 34 (OP1). 7 See for example recommendations 4(p); 4(q); 5(l); 5(o); 7(i-l); 7(o); 8(rr); and 9(xx) in UNODC/CCPCJ/EG.4/2021/CRP.1. 8 A/RES/74/247, OP2.
39. In view of the AHC’s status as a subsidiary body of the General Assembly, it would not be appropriate for the CCPCJ to attribute to the AHC functions which were not within its existing mandate. In addition, Australia’s considers matters relating to criminal justice, including cybercrime, should be dealt with under the auspices of UN’s Vienna based institutions, the home of criminal justice in the UN system. To continue facilitating these essential technical discussions, States must either make use of the tools already available to them (the IEG) or create new dedicated/tailor- made/purpose-built ones. Irrespective of the mechanism under which States choose to continue much needed technical and expert exchange, duplication and overlap with other processes should be avoided.
Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime Austria aligns with the EU comments on the future work of the Expert Group. In our national capacity, we wish to make some additional remarks. Austria firmly supports the position that the Commission on Crime Prevention and Criminal Justice (CCPCJ) should renew the mandate of the Expert Group beyond 2021 as a platform for experts and practitioners in the field of cybercrime to exchange information and best practices. Whether the IEG is extended in its current form or a new forum for facilitating this expert exchange is established, future meetings should take place in Vienna, as the hub for international cooperation in all criminal matters and combatting cybercrime in particular. The UN seat is host to the necessary expertise and can be considered a repository of knowledge on the subject. The CCPCJ should continue to have leadership over the expert-driven forum. The United Nations Office on Drugs and Crime (UNODC) in Vienna is the right entity to take this work forward, both in terms of its mandate and its expert knowledge. Furthermore, we are ready to actively engage in the new process of the Ad Hoc Committee to elaborate a comprehensive international convention on countering the use of information and communications technologies for criminal purposes. However, Austria does not hold the view that the negotiation of a new convention on cybercrime is comparable to the exchange among experts in the field, which has been made possible through the IEG. A Vienna-based platform is needed that is separate from the political discussions on cybercrime policies and that allows practitioners to connect and share practical experiences from around the world. We look forward to a fruitful discussion on these matters at the seventh meeting of the Expert Group to Conduct a Comprehensive Study on Cybercrime, which will be held in Vienna, Austria, from 6 to 8 April 2021. Andromeda-Tower, 11th fl., Donau-City-Str. 6, 1220 Vienna Tel.: (+43/1) 263 72 91-0. Fax: (+43/0) 501159-600; E-mail: firstname.lastname@example.org
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime Canada agrees with the recommendations made at previous sessions of the Intergovernmental Expert Group on Cybercrime (IEG) that the IEG should continue its important work. Since its establishment in 2011, the IEG has proven to be an invaluable forum to advance our shared interest of combatting cybercrime at a time when individuals and groups are increasingly using the internet to commit criminal acts. And now, more than ever, the United Nations needs a forum for experts to exchange information and experiences, and collaborate, including on the development of best practices, emerging criminal phenomena, the identification impediments to the investigation and prosecution of cybercrime, and the development of prevention and capacity building strategies. Canada agrees that the Commission on Crime Prevention and Criminal Justice (CCPCJ) should extend the mandate of the IEG beyond 2021 (recommendation IV A8rr). Canada agrees that the IEG mandate needs to be revised bearing in mind the role of the open- ended ad hoc committee to elaborate a comprehensive international convention on cybercrime that was established in 2019 by United Nations General Assembly (UNGA) resolution A/RES/74/173. However, during that same session in 2019, UNGA also recognized the importance of the IEG as “an important platform for the exchange of information on national legislation, best practices, technical assistance and international cooperation with a view to examining options to strengthen existing responses and to propose new national and international legal or other responses for cybercrime” (A/RES/74/173). Therefore, bearing in mind these two resolutions, the IEG should continue to serve as a non-political forum for information exchange and to inform the negotiation process. Cybercrime and the challenges presented by electronic evidence are complex issues that need to be discussed by experts in a specific, focused forum. The IEG has already made significant strides in a number of important areas that are globally recognized as priorities in the fight against cybercrime, including bringing domestic legislation in-line with international standards, and has resulted in innovative capacity building initiatives. As suggested in recommendation II A4p, the IEG could continue to serve “as a platform for the exchange of information and best practices, including model laws or model clauses, relating to such issues as jurisdiction, special investigative techniques, electronic evidence, including challenges posed by the volatile nature of electronic evidence and its admissibility in court, and international cooperation”. Canada would also be interested in the IEG being mandated to conduct a regular assessment of cybercrime trends (II A4r, II B5o and III B7k) and assisting in drawing on best practices in existing instruments. Should the IEG no longer be in a position to continue to perform its mandate, Member States must consider an alternative forum for expert exchange with the UN Office on Drugs and Crime (UNODC) facilitating and the CCPCJ guiding the work.
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime The Permanent Mission of the Canada is pleased to respond to the “Compilation of all preliminary conclusions and recommendations suggested by Member States during the meetings of the Expert Group to Conduct a Comprehensive Study on Cybercrime held in 2018, 2019 and 2020.” Canada greatly appreciates the opportunity to provide feedback on the preliminary conclusions and recommendations. Canada extends its compliments to the IEG on the work undertaken to develop these recommendations and would like to highlight, in particular, the recommendations listed below as those that Canada finds particularly important and proposes including in the final submission to the Commission on Crime, Prevention and Criminal Justice. Canada would also like to emphasize, once again, that Canada supports the IEG’s continuation. I. Legislation and Frameworks Recommendations: Member States should pursue international cooperation without requiring full harmonization of national legislation, provided that the underlying conduct is criminalized and laws are sufficiently compatible to simplify and expedite the various forms of such cooperation (II A4(d)). Member States should ensure that their legislative provisions withstand the test of time with regard to future developments in technology by enacting laws with formulations that are technologically neutral and criminalize the activity deemed illegal instead of the means used (part of II A4(a). To ensure that relevant issues are properly considered, Member States should consult all relevant stakeholders, including intergovernmental stakeholders, the private sector and civil society, as early as possible when the decision is made to introduce cybercrime legislation (II A4(i)). Effective development, enactment and implementation of national legislation to counter cybercrime should be backed up by capacity-building measures and technical assistance programs. Member States should allocate appropriate resources for domestic capacity-building (part of II A4(l)). Member States should use and/or join existing multilateral legal instruments on cybercrime such as the Council of Europe Convention on Cybercrime (Budapest Convention), as they are considered by many States to be best practice models guiding appropriate domestic and international responses to cybercrime (II A4(t)). 1
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime Existing legal instruments and mechanisms, including the United Nations Convention against Transnational Organized Crime, should be taken advantage of by as many States as possible to strengthen international cooperation (II A4(u). II. Criminalization Recommendations: Member States should adopt and apply domestic legislation to criminalize cybercrime conduct and to grant law enforcement authorities procedural authority to investigate alleged crimes consistent with due process guarantees, privacy interests, civil liberties and human rights (II B5(b)). Member States should criminalize core cybercrime offences that affect the confidentiality, integrity and availability of computer networks and computer data, taking into account widely recognized international standards (II B5(d)). Member States should avoid criminalizing a broad range of activities by Internet service providers (ISPs), especially where such regulations may improperly limit legitimate speech and the expression of ideas and beliefs. Member States should instead work with ISPs and the private sector to strengthen cooperation with law enforcement authorities, noting in particular that most ISPs have a vested interest in ensuring that their platforms are not abused by criminal actors (II B5(i)). In effectively addressing cybercrime, Member States should take into consideration existing human rights frameworks, in particular as regards freedom of expression and the right to privacy, and should uphold the principles of legality, necessity and proportionality in criminal proceedings relating to the fight against cybercrime (II B5(n)); Member States should adopt and implement domestic legal evidence frameworks to permit the admission of electronic evidence in criminal investigations and prosecutions, including the appropriate sharing of electronic evidence with foreign law enforcement partners (II B5(j)). Member States should identify trends in the activities underlying cybercrime through research and should further evaluate the possibility and feasibility of mandating the Expert Group or UNODC to conduct and make available on an annual basis, with substantive contributions by Member States, an assessment of cybercrime trends (II B5(o)). III. Law Enforcement and Investigations Recommendations: 2
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime Member States should continue to use and/or join existing multilateral legal instruments on cybercrime such as the Budapest Convention, which is considered by many States to be the most relevant guide for developing appropriate domestic legislation – of both a substantive and procedural nature – on cybercrime and facilitating international cooperation to combat such crime (part of III A6(b)). Given that cybercrime requires medium- and long-term law enforcement strategies to disrupt cybercrime markets, including cooperation with international partners, those strategies should be proactive and preferably target organized cybercriminal groups, which may have members in numerous countries (III A6(i)). Domestic procedural laws must keep pace with technological advances and ensure that law enforcement authorities are adequately equipped to combat online crime. Relevant laws should be drafted taking into account applicable technical concepts and the practical needs of cybercrime investigators, consistent with due process guarantees, privacy interests, civil liberties and human rights, and safeguards ensuring judicial oversight. Moreover, Member States should devote resources to enacting domestic legislation that authorizes: (i) Requests for the expedited preservation of computer data to the person in control of the data – that is, Internet and communications service providers – to keep and maintain the integrity of those data for a specified period of time owing to their potential volatility; (ii) The search and seizure of stored data from digital devices, which are often the most relevant evidence of an electronic crime; (iii) Orders to produce computer data that may have less privacy protection, such as traffic data and subscriber data; (iv) The real-time collection of traffic data and content in appropriate cases; (v) International cooperation by domestic law enforcement authorities (III A6(k)); As cybercrime investigations require creativity, technical acumen and joint efforts between prosecutors and the police, countries should encourage close cooperation between public prosecutors and the police at an early stage in an investigation in order to develop sufficient evidence to bring charges against identified subjects (III A6(l)). Member States should take measures to encourage Internet service providers to play a role in preventing cybercrime and supporting law enforcement and investigation activities, including by establishing in their domestic legislation relevant provisions on the obligations of those service providers, and clearly define the scope and boundary of such obligations in order to protect the legitimate rights and interests of service providers (III A6(r); In view of the transnational nature of cybercrime and the fact that the large majority of global cybercrimes are committed by organized groups, Member States should also make greater use of the United Nations Convention against Transnational Organized Crime to 3
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime facilitate the sharing of information and evidence for criminal investigations relating to cybercrime (III A6(c)). IV. Electronic Evidence and Criminal Justice Recommendations: The admissibility of electronic evidence should not depend on whether evidence was collected from outside a country’s jurisdiction, provided that the reliability of the evidence is not impaired and the evidence is lawfully collected, for example, pursuant to a mutual legal assistance or multilateral treaty or in cooperation with the country that has jurisdiction (III B7(f)). Member States should foster capacity-building in order to improve investigations, increase understanding of cybercrime and the equipment and technologies available to fight it and enable prosecutors, judges and central national authorities to appropriately prosecute and adjudicate on such crime (III B7(c)). Member States should foster efforts to build the capacity of central authorities involved in international cooperation on requirements and procedures relating to mutual legal assistance, including by providing training on the drafting of comprehensive requests with sufficient information for obtaining electronic evidence (III B7(d)). Member States should consider the “prosecution team” approach, which combines the skills and resources of various agencies, bringing together prosecutors, investigative agents and forensic analysts to conduct investigations. That approach allows prosecutors to handle and present electronic evidence (III B7(e)). Member States should pursue action to enhance cooperation in gathering electronic evidence, including the following: (i) Sharing of information on cybercrime threats; (ii) Sharing of information on organized cybercriminal groups, including the techniques and methodology they use; (iii) Fostering of enhanced cooperation and coordination among law enforcement agencies and prosecutors; (iv) Sharing of national strategies and initiatives to tackle cybercrime, including national legislation and procedures to bring cybercriminals to justice; (v) Sharing of best practices and experiences related to the cross-border investigation of cybercrime; (vi) Development of a network of contact points between law enforcement authorities; (viii) Holding of workshops and seminars to strengthen the capacity of law enforcement authorities and judicial authorities for drafting requests, in the context of mutual legal assistance treaties, to collect evidence in matters related to cybercrime; 4
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime (xiii) Strengthening of the technical and legal capacities of law enforcement agencies, judges and prosecutors through capacity-building and skill development programs; (xv) Holding of workshops and seminars to raise awareness of best practices in addressing cybercrime (part of III B7(o)). Some judges are unfamiliar with digital evidence and as a result, this type of evidence is often subject to higher standards with regard to authentication and admission. However, consideration should be given to the fact that there is no practical reason to impose higher standards in relation to the integrity of digital evidence in contrast to traditional evidence.Digital evidence is no more likely to be altered or fabricated than other evidence. Indeed, it is arguably harder to alter or fabricate digital evidence because various mathematical algorithms, such as “hash values,” can be used to authenticate or provide evidence of an alteration (III B7(r)). V. International Cooperation Recommendations: With regard to international cooperation mechanisms, States were encouraged to accede to and/or use, in the absence of a bilateral mutual legal assistance treaty, existing multilateral treaties such as the United Nations Convention against Transnational Organized Crime and the Council of Europe Convention on Cybercrime that provide a legal basis for mutual legal assistance. In the absence of a treaty, States may ask another State for cooperation on the basis of the reciprocity principle; the Council of Europe Convention on Cybercrime should also be used as a standard for capacity-building and technical assistance worldwide (part of IV A8(b)). International cooperation to combat cybercrime should also take into account gender- and age-sensitive approaches and the needs of vulnerable groups (IV A8(l)). The efficiency of international cooperation should be improved by establishing rapid response mechanisms for international cooperation, as well as channels of communication through liaison officers and information technology systems between national authorities for the cross-border collection of evidence and online transfer of electronic evidence (IV A8(e)); Investment in or the establishment of a strong central authority for international cooperation in criminal matters to ensure the effectiveness of cooperation mechanisms involving cybercrime is recommended. It is also recommended that specific units be established to investigate cybercrime and that preservation requests by another State be addressed through a 24/7 network to preserve the required data as quickly as possible. Increased understanding of the information needed for a successful mutual legal assistance request may assist in obtaining the data more quickly (IV A8(hh)). 5
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime Member States should also consider establishing separate cybercrime units within central authorities for mutual legal assistance as a base of expertise in the complex area of international cooperation. Such specialized units not only provide benefit in the day-to-day practice of mutual legal assistance, but also allow for focused capacity-building assistance such as training to address the needs of domestic and foreign authorities on how to obtain mutual legal assistance involving electronic evidence quickly and efficiently in cyber-related matters (IV A8(ddd)). Member States should consider maintaining electronic databases that facilitate access to statistics relating to incoming and outgoing requests for mutual legal assistance involving electronic evidence, to ensure that reviews of efficiency and effectiveness are in place (IV A8(eee)); UNODC has developed the Mutual Legal Assistance Request Writer Tool to assist criminal justice practitioners in drafting mutual legal assistance requests. The Office has also developed the Practical Guide for Requesting Electronic Evidence Across Borders, available on request to government practitioners in Member States. Countries may benefit from employing those key tools developed by UNODC (IV A8(qq)). Countries are called upon to join, make wider use of and strengthen authorized networks of practitioners to preserve and exchange admissible electronic evidence, including 24/7 networks, specialized networks on cybercrime and INTERPOL channels for prompt police- to-police cooperation, as well as networking with strategically aligned partners, with a view to sharing data on cybercrime matters and enabling rapid responses and minimizing loss of critical evidence. The use of police-to-police cooperation and other methods of informal cooperation before using mutual legal assistance channels was also recommended (IV A8(t)). Each State should set up a genuine 24/7 point of contact, accompanied by appropriate resources, to facilitate the preservation of digital data alongside traditional international mutual assistance in criminal matters, drawing on the successful model of data freezing under the Council of Europe Convention on Cybercrime (IV A8(u)). The Commission on Crime Prevention and Criminal Justice should consider extending the workplan of the Expert Group beyond 2021 as a forum for practitioners to exchange information on cybercrime (IV A8(rr)). Some speakers recommended that the Commission on Crime Prevention and Criminal Justice should renew the mandate of the Expert Group and decide upon a workplan beyond 2021, which should also include emerging forms of cybercrime and the examination of issues related to online sexual abuse and exploitation of children (IV A8(uu)). Beyond domestic laws, international cooperation on cybercrime relies on both formal, treaty-based cooperation and traditional police-to-police assistance. When debating a new 6
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime instrument on cybercrime, it is important that countries remember that a new instrument should not conflict with existing instruments, which already enable international cooperation for many. Thus, countries should ensure that any new instrument on cybercrime avoids conflict with existing treaties (IV A8(ll)). Sustainable capacity-building and technical assistance to increase capabilities across operational areas and strengthen the capacity of national authorities to respond to cybercrime should be prioritized and increased, including through networking, joint meetings and training, the sharing of best practices, training materials, and templates for cooperation. Such capacity- building and training should include highly specialized training for practitioners that promotes, in particular, the participation of female experts, and should address the needs of legislators and policymakers to better handle issues of data retention for law enforcement purposes. The capacity-building and training should also be focused on improving the abilities of law enforcement authorities, investigators and analysts in forensics, in the use of open source data for investigations and in the chain of custody for electronic evidence, as well as in collecting and sharing electronic evidence abroad. Another focus of the capacity-building and training should be on improving the abilities of judges, prosecutors, central authorities and lawyers to effectively adjudicate and deal with relevant cases (IV A8(mm)); VI. Prevention Recommendations: When preventing and combating cybercrime, States should pay special attention to the issues of preventing and eradicating gender-based violence, in particular, violence against women and girls, and hate crimes (IV B9(e)); Cybersecurity practices are distinct from efforts to combat cybercrime. States should develop both a national cybercrime strategy, including national legislation or policy for cybercrime prevention, and a national cybersecurity strategy. Focus areas for national cybercrime strategies should include cybercrime prevention, public-private partnerships, criminal justice capacity and awareness-raising through published court decisions (IV B9(w)). Public-private partnerships, including cooperation with cybersecurity stakeholders and technology companies on information-sharing, are needed to prevent and combat cybercrime (IV B9(i)). “Criminal justice capacity” should be another area of focus in national cybercrime strategies. Assistance to developing countries should be a priority in order to strengthen law enforcement capacity in preventing cybercrime (IV B9(z)). Member States should avail themselves of capacity-building assistance from the UNODC Global Program on Cybercrime and other initiatives, including the Council of Europe Global Action on Cybercrime Extended programmes (IV B9(aa)) 7
Canadian Comments on Future Work of the Intergovernmental Expert Group (IEG) on Cybercrime States should undertake surveys to measure the impact of cybercrime on businesses, including measures implemented, employee training, types of cyberincidents that affect them and the costs associated with recovering from and preventing cyberincidents (IV B9(cc)). States should involve female experts in the prevention and investigation of cybercrime (IV B9(qq)); Member States should avail themselves of capacity-building assistance from the UNODC Global Programme on Cybercrime and other initiatives, including the Council of Europe Global Action on Cybercrime Extended programmes (IV B9(aa)) Efforts in the development of strategies for cybercrime prevention should also take into account the protection of human rights (IV B9(y)). 8
附件 中国对联合国网络犯罪政府间专家组 第七次会议书面评论意见 一、一般性评论 中方支持并欢迎专家组按照 2018 年至 2021 年工作计划就网 络犯罪有关实质问题开展的讨论。依据专家组第四至第六次会议 讨论，秘书处汇编形成了初步结论和建议，有关建议全面反映了 各国立足不同国情、不同法律制度和不同文化背景所实施的旨在 预防、应对和打击网络犯罪的意见和举措，不仅有助于各国交流 互鉴，也有助于强化打击网络犯罪国际合作。 由于会议模式、旅行限制等原因，专家组深入讨论汇编而成 的结论和建议并予以通过将面临巨大挑战。第七次会议应当根据 新形势，调整对会议成果的预期。如果各方无法就结论和建议达 成一致并在第七会议上通过，可以考虑直接将秘书处准备的汇编 提交给预防犯罪和刑事司法委员会，作为专家组的工作成果。相 信这样的汇编对委员会、对各国也具有重要的参考价值。 1
第 74 届联大通过第 247 号决议，授权成立政府间特设委员 会起草打击网络犯罪的全球性公约。这为各国强化合作、构筑全 球打击网络犯罪网络提供了宝贵机会。各国应当积极参与和支持 谈判进程，推动在联合国制定各方参与、包容开放的打击网络犯 罪全球性公约。 关于网络犯罪有关问题，中方愿重申并强调如下： （一）立法和框架 1、在国内层面，各国应立足网络数字技术迅猛发展和网络犯 罪手段快速更新的现实，强化相关政策和立法，为预防和强化打 击网络犯罪提供法律保障。 2、在国际层面，国际社会应高度重视网络犯罪的共同挑战， 积极开展打击网络犯罪国际合作，在用好现有多双边合作机制和 区域性打击网络犯罪平台的基础上，携手推动联合国打击网络犯 罪公约特委会尽快启动实质谈判，为在全球范围内强化打击网络 犯罪提供法律框架。 （二）定罪 1、加强对核心网络犯罪行为定罪的合作。可先将各国普遍关 注并能达成共识的网络犯罪行为纳入国际合作的范畴，并根据实 践不断补充。对于不能达成普遍共识的网络犯罪，也可按照国际 合作的一般原则开展协作。 2、顺应当前网络犯罪发展趋势，适当扩大网络犯罪范畴。将 2
互联网用于恐怖主义目的的犯罪、利用网络从事赌博、诈骗、贩 枪、儿童色情等犯罪、为他人实施网络犯罪提供技术支持或帮助 的犯罪、为实施犯罪而设立非法网络平台等也加以定罪。此外， 还应当将利用网络煽动仇恨犯罪，包括利用互联网煽动暴力、民 族仇恨，教唆、引诱实施严重暴力犯罪，编造虚假信息故意在网 络传播，危害公共安全和社会秩序等行为定罪。 （三）执法与调查 1、各国应重视加强对帮助行为、预备行为的调查和执法，以 应对网络犯罪日益加剧的链条化趋势。 2、各国应就云计算、暗网、加密货币、物联网等对网络犯罪 执法与调查的影响进行讨论，共同研究可行的应对之策。 3、鼓励各国通过立法明确网络服务提供者配合防范网络犯罪 和协助执法与调查的义务。例如,鼓励网络服务提供者采取技术措 施和其他必要措施，防范网络犯罪；制定网络安全事件应急预案， 及时处置系统漏洞、计算机病毒、网络攻击、网络侵入等安全风 险，保障网络安全。 （四）电子证据与刑事司法 1、各国应制定或完善立法，承认电子证据的证据能力，规定 电子证据的定义、范围、取证手段和采信规则等。同时，采取措 施加强网络犯罪电子证据取证能力建设，培养法律素养和技术知 识兼备的专业团队，加强在这方面的经验共享和培训合作。鼓励 3
联合国毒品和犯罪问题办公室在这一领域发挥作用。 2、各国跨国调取电子证据应尊重证据所在地的国家主权，遵 守正当程序，尊重相关个人和实体的正当权利，不得采取侵入性 和破坏性技术侦查手段跨国获取电子证据。 3、鼓励各国针对调查网络犯罪、调取电子证据的需要，协商 通过优化程序等方法，进一步畅通司法协助和执法合作渠道。各 国应考虑在打击网络犯罪全球性公约中纳入各方普遍接受的获取 境外电子证据条款，为解决跨国调取电子证据问题提供统一、权 威的指引。 （五）国际合作 1、各国应积极就打击网络犯罪开展国际刑事司法合作，包括 引渡、协助调查取证以及预防和打击国际转移非法所得等。 2、各国确立对网络犯罪的管辖权应尊重他国主权，反对与犯 罪缺乏真实、充分联系的过度域外管辖。鼓励各国加强沟通协商 以解决管辖权的冲突。 3、各国应建立网络犯罪司法协助和执法合作快速联络响应机 制和联系渠道，考虑通过采用电子签章等技术手段，实现跨境取 证法律文书和电子证据网上交换，提高国际合作效率。对保全电 子数据、提供日志信息等不涉及人身自由、财产权利，或对此类 权利影响较小的协助调查取证请求，在不违反被请求国法律的前 提下，被请求国应最大限度提供协助。 4
（六）预防 1、各国应将“预防为主，打防并重”作为打击网络犯罪的基 本原则，根据网络犯罪的新特点制定有针对性的预防犯罪举措。 2、各国应立法明确规定网络服务提供者预防网络犯罪的义 务，特别是安全风险预警、安全事件应急处置等义务。要求网络 服务提供者一旦发现其服务被用于实施网络犯罪，立即采取阻断 犯罪信息传播、关停钓鱼等涉案网站、关闭涉案域名等紧急处置 措施。 3、各国应建立国际网络威胁信息共享机制，对新型威胁技术、 作案手法及时共享、共同研究。 4、应加强对发展中国家的技术援助和培训，提升其预防网络 犯罪的能力。 5
Comments by the People’s Republic of China for the Seventh Meeting of the Open-Ended Intergovernmental Expert Group on Cybercrime I. General Comments China supports and welcomes the discussion of substantive issues of cybercrime by the Expert Group according to its work-plan for the period of 2018-2021. The preliminary conclusions and recommendations, compiled by the Secretariat based on discussions during the fourth to sixth meetings of Expert Group, fully reflect the suggestions and experiences of Member States in preventing and combating cybercrime, on the basis of different national situations, various legal systems and diverse cultural backgrounds. These recommendations could promote exchange of information, sharing of best practices and international cooperation on combating cybercrime. Due to the modality of the seventh meeting and travel restrictions, it would be extremely difficult for the Expert Group to have in-depth discussion of all the preliminary conclusions and recommendations, not to mention their adoption. Bearing in mind the challenging situation, it would be advisable for Member States to lower their expectations for the outcome of the seventh meeting of the Expert Group. If a consolidated list of conclusions and recommendations could not be agreed, Member States may consider to submit the compiled preliminary conclusions and recommendations in its entirety to CCPCJ as the outcome of the Expert 6
Group. We believe that the preliminary conclusions and recommendations could also provide valuable reference to CCPCJ as well as Member States. The 74th General Assembly adopted Resolution 74/247, which mandates the establishment of an open-ended ad hoc intergovernmental committee of experts to elaborate a comprehensive international convention on countering cybercrime. It provides a valuable opportunity for States to facilitate international cooperation and build a global network on combating cybercrime. States should support and actively participate in this process to negotiate a global convention on countering cybercrime under the auspices of United Nations, adhering to universal-participation, inclusiveness and openness. With respect to the substantive issues of cybercrime, China wish to reiterate and emphasize its position as follows: 1. Legislation and Frameworks (i) At the national level, bearing in mind the rapid development of digital technologies and their exploitation by cybercrime perpetrators, States should improve relevant policies and legislations to provide legal framework for preventing and combating cybercrime. (ii) At the international level, the international community should attach great importance to the common challenges of cybercrime, actively engage in the international cooperation on combating cybercrime. States should make good use of the existing multilateral and bilateral cooperation mechanisms and regional platforms for combating cybercrime, and work 7
together to support the UN Ad Hoc Committee to launch substantive negotiations in an earlier date, so as to provide a global legal framework for combating cybercrime. 2. Criminalization (i) States should strengthen cooperation on criminalization of core cybercrime activities. States may include crimes that are of wide concern and consensus into the scope of international cooperation, and extend this scope continuously according to practice. For those cybercrimes cannot get consensus among States, assistance could be provided on the basis of general principles of international judicial cooperation. (ii) Catering to the trend of current cybercrime, States should expand the scope of criminalization. States may criminalize such conducts, including using the internet for terrorism, gambling, fraud, trafficking of firearms, and child pornography, providing technical support or aid for cybercrime, setting up illegal internet platform for criminal purposes. In addition, using the internet to incite hate crimes, including inciting violence and hatred among different national groups, abetting and enticing others for serious violent crime, fabricating and spreading disinformation, and other activities jeopardizing public security and social order, should also be criminalized. 3. Law Enforcement and Investigation (i) States should strengthen investigation and law enforcement actions against acts of aiding and preparation of cybercrime, so as to effectively 8
You can also read